General
-
Target
c321f12d46e05106d16e84c43e7a5fb86cf3fc9669c578ded6d30bc5b50f9971
-
Size
170KB
-
Sample
221203-gc66cshg27
-
MD5
d5850e323653c6c6704df49be7df3fad
-
SHA1
611f51cbb7417c6f9f9769b8a6dea2639251321a
-
SHA256
c321f12d46e05106d16e84c43e7a5fb86cf3fc9669c578ded6d30bc5b50f9971
-
SHA512
e1ceefa5e60271415c5c47645ea69cb13bce810f3319a4478d1d862bcb2ca367b10e2a7a8315d5f925598d93bb902e6ae5b85e0c9ac3558f2a7e4a9666034830
-
SSDEEP
3072:Sz5iXfPGUYdmRaUS5+5lcXWiZX3AUPJS/JaGe5jaSshD9SyG9:SNQf+UYmRaUS5oOXwUPAJaGhphDxG9
Static task
static1
Behavioral task
behavioral1
Sample
c321f12d46e05106d16e84c43e7a5fb86cf3fc9669c578ded6d30bc5b50f9971.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c321f12d46e05106d16e84c43e7a5fb86cf3fc9669c578ded6d30bc5b50f9971.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
c321f12d46e05106d16e84c43e7a5fb86cf3fc9669c578ded6d30bc5b50f9971
-
Size
170KB
-
MD5
d5850e323653c6c6704df49be7df3fad
-
SHA1
611f51cbb7417c6f9f9769b8a6dea2639251321a
-
SHA256
c321f12d46e05106d16e84c43e7a5fb86cf3fc9669c578ded6d30bc5b50f9971
-
SHA512
e1ceefa5e60271415c5c47645ea69cb13bce810f3319a4478d1d862bcb2ca367b10e2a7a8315d5f925598d93bb902e6ae5b85e0c9ac3558f2a7e4a9666034830
-
SSDEEP
3072:Sz5iXfPGUYdmRaUS5+5lcXWiZX3AUPJS/JaGe5jaSshD9SyG9:SNQf+UYmRaUS5oOXwUPAJaGhphDxG9
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-